karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Schneider <ch...@die-schneider.net>
Subject Re: Does the ssh:sshd command really need to create a new ssh server on each call?
Date Tue, 03 Jul 2012 12:47:58 GMT
I agree. Removing the command is probably the easiest solution. By 
changing the config you can start/stop the ssh server instantly.

About the netstat like command. I am also not sure how to implement such 
a thing. One idea is to have each module that offers and external 
service also offer a osgi service that reports the metadata of this 
service. We could either have a Java interface for that or use service 
properties.

In any case the metadata about each network service could be:

Ipaddress / Name
Port
Description
(Config PID)
(Security Infos)

So for example netstat may give:

Name/Port      Service Name Description
localhost:8101 ssh          Secure Shell
localhost:8181 http         Jetty
localhost:6161 ActiveMQ     ActiveMQ Messaging

Optionally we could also show the config pid so people know where to 
configure port and other settings.
We could also show some details about the security.

For example if the default ssh private key may login we can show a 
warning about that.

A central config file where you can set ports and if services should 
start may make sense. We should then make sure though that this 
mechanism is well a bit hidden from the modules so they do not have to 
each implement reading this file.

Perhaps we could have a central service that can be asked for the port 
of a named service and if it should start. A config for a such a service 
could look like this:

ssh:8101,start
activemq:6161,stop
http:8181,start

Not sure if this is a good idea though.

Christian

Am 03.07.2012 14:18, schrieb Guillaume Nodet:
> I'm not really sure how we could do such a netstat command if we don't
> manage all the ports ourselves ...
>
> Anyway, for sshd, i guess we could get rid of the command if it isn't used
> (and I agree I've never seen anyone using it so far).  I don't think we
> should add management layers for each port though: all the configuration is
> already centralized in configadmin, and I fear that adding lots of commands
> for managing things that we already have common management for, may just
> confuse users.  I guess what we're missing for common ports is a simpler
> way (more centralized) configuration file, so maybe using
> etc/config.properties for common port configuration and using placeholders
> referring to those would be easier for users, so that they would only have
> a single file to modify...
> Removing this sshd command will have a nice effect of removing your concern
> about mixing blueprint calls in the code btw ;-)
>
> On Mon, Jul 2, 2012 at 2:57 PM, Christian Schneider <chris@die-schneider.net
>> wrote:
>> You hit a good sport there. I think we could need an information on all
>> kind of services with external connectivity that are running.
>>
>> So tpyically I would like to see:
>> - http
>> - ssh
>> - jmx
>> ...
>>
>> As bit like netstat -l just for karaf but with some additional
>> informations. I think such a command would also be a nice security tool to
>> check you do not have ports open that should be closed.
>>
>> Christian
>>
>>
>> Am 02.07.2012 14:48, schrieb Claus Ibsen:
>>
>>   Hi
>>> I miss a command to list the current running sshd servers.
>>>
>>> So for example if people start Karaf using bin/karaf, then there is no
>>> easy way to find out what the SSH port is if you want to remote
>>> connect to your Karaf.
>>>
>>> In that light for starters a list option on sshd would be nice
>>> ssdh list
>>>
>>>
>>>
>>> PS: Likewise for JMX etc.
>>> It would be nice with some way to see in the logs / from karaf:info
>>> etc. to see all the running management services and the urls they
>>> expose for remote management. Today you gotta know the defaults, and
>>> "cross fingers" that this is the options you use. If not you gotta go
>>> hunt in the zillion config files in etc to figure out this.
>>>
>>>
>>>
>>>
>>> On Mon, Jul 2, 2012 at 11:50 AM, Christian Schneider
>>> <chris@die-schneider.net> wrote:
>>>
>>>> Hi all,
>>>>
>>>> while working on the ssh part of karaf I wondered if the sshd command is
>>>> really implemented in the way people need it.
>>>> Currently each call to sshd creates a new ssh server. I personally never
>>>> had
>>>> the need to have more than one ssh server running for one instance of
>>>> karaf.
>>>>
>>>> So I wonder if it would make sense to change the command to manage a
>>>> single
>>>> ssh server instance. Like:
>>>>
>>>> ssh:sshd start -p 8102
>>>> or ssh:sshd start -p 8102
>>>> ssh:sshd stop
>>>>
>>>> JB told me that ssh is used in Fabric and there it might be necessary to
>>>> have more than one instance.
>>>> @Guillaume can you give us some insight how it is used there?
>>>>
>>>> If we decide we need the capability to run more than one instance of ssh
>>>> server then I think we should at least provide full management of these
>>>> instances.
>>>> Currently the sshd command can start any number of ssh servers but it can
>>>> not stop them. I think the servers started in this way would not even
>>>> stop
>>>> when the ssh bundle is stopped.
>>>>
>>>> I also wonder if it would make sense to separate the ssh server part from
>>>> the ssh client. So you can start a ssh server by installing a
>>>> org.apache.karaf.sshd bundle or similar.
>>>>
>>>> Christian
>>>>
>>>> --
>>>> Christian Schneider
>>>> http://www.liquid-reality.de
>>>>
>>>> Open Source Architect
>>>> Talend Application Integration Division http://www.talend.com
>>>>
>>>>
>>>
>> --
>> Christian Schneider
>> http://www.liquid-reality.de
>>
>> Open Source Architect
>> Talend Application Integration Division http://www.talend.com
>>
>>
>


-- 
Christian Schneider
http://www.liquid-reality.de

Open Source Architect
Talend Application Integration Division http://www.talend.com


Mime
View raw message